oss-sec mailing list archives
Re: CVE request Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset
From: <cve-assign () mitre org>
Date: Thu, 8 Dec 2016 01:34:10 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes. http://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
Use CVE-2016-9908. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/display/virtio-gpu-3d.c but that may be an expected place for a later update. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYSPv1AAoJEHb/MwWLVhi2qoIQAIk8ONXgNCxXa2Ikd9HOn88n h8NNQszbalHBui/MHF9vQhJGRGJ4iRZdu9mSnLgxJU+6huTkaWFYevul2Vwb7SEb HgS2SQx5d3hLwObCjSqHt/PfuT6lPDlH6h0Gjt4lViFUPAPPORc/5bI0jRAGWd2N pC9tsUNsq9dl00pdyox6KpqiklsvVVPKA7spkPMw5uAR2DK/B7HTyJeKuaKJ2XQq wVkgpCa6im86AW+zV14KRMwftNUO5H0zkXOkib/h/DuVUNzhClY2PStxePLTmqTi pnaSeZcTr5Ti/FMMhtOtS5LOlV35wkpah/dHzDFNZW5Fk54AAeoxVsPr6tKa3VdH a5izyLu05pk/B84cvOL2wl93Stt2NnZudI1JqUvPt5nfwDasVL8g/5XbHgmZhqcN 74uZf5Zo9V9ae0dET73laQTcIXUy6vEk7nvV0mmA5uTrLVS4fGMdOJI9gQVAZkqW +NzWs1FJZpNRo4kQCszAC39agb2FXRseMNO8h2bON5CgyPtpa5pL+mVNJ00iPmri 8X8RDM3h6VupDy1gF6eBFzVRVnhxgvxHf3g8P5qcoxLr0/U75XcPthy9943NDr6C FU6G897DnS9UkWhc1M+g3sLgj/wO1KrpSzf+ppshD5IOxsraAWg5AXRXvEPs6Du0 vmgrb/UXnHL9UxJjy7Xo =/c0X -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset P J P (Dec 06)
- Re: CVE request Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset cve-assign (Dec 07)